From: Daniel Henrique Barboza
To: libvir-list@redhat.com
Cc: Daniel Henrique Barboza, stefanb@linux.ibm.com, david@gibson.dropbear.id.au
Subject: [PATCH v2 1/8] docs: documentation and schema for the new TPM Proxy model
Date: Wed, 13 May 2020 11:10:32 -0300
Message-Id: <20200513141040.2580726-2-danielhb413@gmail.com>

QEMU 4.1.0 introduced a new device type called TPM Proxy, currently implemented by PPC64 guests via a new virtual device called 'spapr-tpm-proxy' (see QEMU 0fb6bd073230 for more info).

The TPM Proxy device interacts with a TPM Resource Manager, a host device capable of multiplexing the host TPM with multiple processes. This allows multiple guests to access some TPM features at the same time.

Note that this mode of operation does not provide full TPM features to be available for the guest - for that case the guest still needs to assign a vTPM device (tpm-spapr for PPC64 guests). Although redundant, there is currently no technical limitation for a guest to assign both a vTPM and a TPM Proxy at the same time.

This patch adds documentation and schema for a new TPM model type called 'spapr-tpm-proxy' that creates this new TPM Proxy device. This model is valid only for the 'passthrough' backend.
An example of a TPM Proxy device connected to a TPM Resource Manager '/dev/tpmrm0' will look like this: Signed-off-by: Daniel Henrique Barboza --- docs/formatdomain.html.in | 16 +++++++++++++++- docs/schemas/domaincommon.rng | 1 + 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 23eb029234..ccbb696058 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -8792,6 +8792,15 @@ qemu-kvm -net nic,model=3D? /dev/null backend device is a TPM 2.0. Since 6.1.0, pSeries guests on PPC64 are supported and the default is tpm-spapr. + + Since 6.4.0, a new model called + spapr-tpm-proxy was added for pSeries guests. This = model + only works with the 'passthrough' backend. It creates a TPM Proxy + device that allows a QEMU guest to interact with an existing TPM= Resource + Manager in the host, for example /dev/tpmrm0. A TPM Resource Man= ager + enables the host TPM device to be securely multiplexed across + several guests. Only one TPM Proxy device is allowed per guest, = but + a TPM Proxy device can be added together with other TPM devices.

backend
@@ -8804,7 +8813,7 @@ qemu-kvm -net nic,model=3D? /dev/null
passthrough

- Use the host's TPM device. + Use the host's TPM or TPM Resource Manager device.

This backend type requires exclusive access to a TPM device = on @@ -8812,6 +8821,11 @@ qemu-kvm -net nic,model=3D? /dev/null qualified file name is specified by path attribute of the source element. If no file name is specified th= en /dev/tpm0 is automatically used. + + Since 6.4.0, when choosing the + spapr-tpm-proxy model, the file name specified = is + expected to be a TPM Resource Manager device, e.g. + /dev/tpmrm0.

diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index 9d60b090f3..50860419c3 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng 
@@ -4610,6 +4610,7 @@ tpm-tis tpm-crb tpm-spapr + spapr-tpm-proxy --=20 2.26.2
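Review bot: In the passthrough hunk of docs/formatdomain.html.in, the unchanged context still says "This backend type requires exclusive access to a TPM device on the host" and "If no file name is specified then /dev/tpm0 is automatically used", while the added text says the spapr-tpm-proxy model expects a TPM Resource Manager that is multiplexed across several guests. Please state that the exclusivity requirement does not apply to the proxy model, and say what happens when spapr-tpm-proxy is given no path, since the /dev/tpm0 default is not a Resource Manager device.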
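The constraints documented in patch 1/8 (passthrough backend only, one TPM Proxy per guest, a Resource Manager path such as /dev/tpmrm0), together with the PPC64-only rule from patch 3/8, written as a check over a domain XML. This is an added example, not code from the libvirt series. Assumptions: the sample XML is constructed, the tpm/backend/device-path layout is libvirt's documented form (the example XML did not survive on this page), and `check_tpm_proxy` and the /dev/tpmrmN pattern are names chosen here.

```python
import re
import xml.etree.ElementTree as ET

PROXY_MODEL = "spapr-tpm-proxy"
PPC64_ARCHES = {"ppc64", "ppc64le"}
# Assumption: the host kernel names TPM Resource Manager nodes /dev/tpmrmN.
TPMRM_PATH = re.compile(r"^/dev/tpmrm\d+$")


def check_tpm_proxy(domain_xml):
    """Return (code, message) findings for TPM Proxy devices in a domain XML."""
    root = ET.fromstring(domain_xml)
    proxies = [t for t in root.findall("./devices/tpm")
               if t.get("model") == PROXY_MODEL]
    if not proxies:
        return []

    findings = []
    os_type = root.find("./os/type")
    arch = os_type.get("arch") if os_type is not None else None
    if arch not in PPC64_ARCHES:
        findings.append(("arch", f"{PROXY_MODEL} on non-PPC64 arch {arch!r}"))
    if len(proxies) > 1:
        findings.append(("count", f"{len(proxies)} TPM Proxy devices, one allowed"))

    for tpm in proxies:
        backend = tpm.find("backend")
        btype = backend.get("type") if backend is not None else None
        if btype != "passthrough":
            findings.append(("backend", f"backend {btype!r}, need 'passthrough'"))
            continue
        dev = backend.find("device")
        path = dev.get("path") if dev is not None else None
        if path is None:
            # With no path, the documented default is /dev/tpm0.
            findings.append(("path", "no path given; the /dev/tpm0 default "
                                     "is not a Resource Manager"))
        elif not TPMRM_PATH.match(path):
            findings.append(("path", f"{path} is not a /dev/tpmrmN node"))
    return findings


# Constructed sample: pSeries guest with a vTPM and one TPM Proxy.
GOOD_XML = """
<domain type='kvm'>
  <os><type arch='ppc64le' machine='pseries'>hvm</type></os>
  <devices>
    <tpm model='tpm-spapr'><backend type='emulator' version='2.0'/></tpm>
    <tpm model='spapr-tpm-proxy'>
      <backend type='passthrough'><device path='/dev/tpmrm0'/></backend>
    </tpm>
  </devices>
</domain>
"""

# Constructed sample: wrong arch, two proxies, wrong backend, raw TPM node.
BAD_XML = """
<domain type='kvm'>
  <os><type arch='x86_64' machine='pc'>hvm</type></os>
  <devices>
    <tpm model='spapr-tpm-proxy'><backend type='emulator'/></tpm>
    <tpm model='spapr-tpm-proxy'>
      <backend type='passthrough'><device path='/dev/tpm0'/></backend>
    </tpm>
  </devices>
</domain>
"""

if __name__ == "__main__":
    for name, xml in (("good", GOOD_XML), ("bad", BAD_XML)):
        print(name, check_tpm_proxy(xml))
```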
From: Daniel Henrique Barboza
To: libvir-list@redhat.com
Cc: Daniel Henrique Barboza, stefanb@linux.ibm.com, david@gibson.dropbear.id.au
Subject: [PATCH v2 2/8] qemu: Extend QEMU capabilities with 'spapr-tpm-proxy'
Date: Wed, 13 May 2020 11:10:33 -0300
Message-Id: <20200513141040.2580726-3-danielhb413@gmail.com>

Expose the TPM Proxy support for PPC64 guests by creating a new cap called QEMU_CAPS_DEVICE_SPAPR_TPM_PROXY.

This device is part of the machinery the guest needs to orchestrate with the PPC64 Ultravisor the transition to the Secure VM (SVM) mode. Inside QEMU, this device will be used with the H_TPM_COMM hypercall to connect with the TPM Resource Manager, enabling the guest to open and close TPM sessions with the host TPM.

Signed-off-by: Daniel Henrique Barboza
Reviewed-by: Stefan Berger
--- src/qemu/qemu_capabilities.c | 4 ++++ src/qemu/qemu_capabilities.h | 3 +++ tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml | 1 + 4 files changed, 9 insertions(+) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 7e711f22f8..d0d8b1ebf5 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c 
@@ -582,6 +582,9 @@ VIR_ENUM_IMPL(virQEMUCaps, "tcg", "virtio-blk-pci.scsi.default.disabled", "pvscsi", + + /* 370 */ + "spapr-tpm-proxy", ); =20 =20 @@ -1304,6 +1307,7 @@ struct virQEMUCapsStringFlags virQEMUCapsObjectTypes[= ] =3D { { "vhost-user-fs-device", QEMU_CAPS_DEVICE_VHOST_USER_FS }, { "tcg-accel", QEMU_CAPS_TCG }, { "pvscsi", QEMU_CAPS_SCSI_PVSCSI }, + { "spapr-tpm-proxy", QEMU_CAPS_DEVICE_SPAPR_TPM_PROXY }, }; =20 =20 diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index 6bfc7386e3..fa22856e12 100644 --- a/src/qemu/qemu_capabilities.h +++ b/src/qemu/qemu_capabilities.h @@ -564,6 +564,9 @@ typedef enum { /* virQEMUCapsFlags grouping marker for = syntax-check */ QEMU_CAPS_VIRTIO_BLK_SCSI_DEFAULT_DISABLED, /* virtio-blk-pci.scsi dis= abled by default */ QEMU_CAPS_SCSI_PVSCSI, /* -device pvscsi */ =20 + /* 370 */ + QEMU_CAPS_DEVICE_SPAPR_TPM_PROXY, /* -device spapr-tpm-proxy */ + QEMU_CAPS_LAST /* this must always be the last item */ } virQEMUCapsFlags; =20 diff --git a/tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml b/tests/qemuca= pabilitiesdata/caps_4.2.0.ppc64.xml index a68786ddc8..9df68ebfc1 100644 --- a/tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml +++ b/tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml @@ -185,6 +185,7 @@ + 4001050 0 42900242 diff --git a/tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml b/tests/qemuca= pabilitiesdata/caps_5.0.0.ppc64.xml index c8cc07d954..77f51fe4d8 100644 --- a/tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml +++ b/tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml 
@@ -201,6 +201,7 @@ + 5000000 0 42900241 --=20 2.26.2
From: Daniel Henrique Barboza
To: libvir-list@redhat.com
Cc: Daniel Henrique Barboza, stefanb@linux.ibm.com, david@gibson.dropbear.id.au
Subject: [PATCH v2 3/8] conf, qemu: adding 'tpmproxy' in domain definition
Date: Wed, 13 May 2020 11:10:34 -0300
Message-Id: <20200513141040.2580726-4-danielhb413@gmail.com>

A TPM Proxy device can coexist with a regular TPM. The TPM Proxy is also always a 'passthrough' device of the 'spapr-tpm-proxy' model.

This patch adds a pointer to this device in the domain definition called 'tpmproxy'. This pointer is handled like the existing 'tpm' pointer of the VIR_DOMAIN_TPM_TYPE_PASSTHROUGH type. Cgroup, DAC/SELinux and qemu validation code was adapted to handle this new domain device.

XML functions to parse and format this new device from/to XML will be added in the next patch, together with the logic that will guarantee the assumptions made in the first paragraph.
Signed-off-by: Daniel Henrique Barboza --- src/conf/domain_audit.c | 3 +++ src/conf/domain_conf.c | 18 ++++++++++++++++++ src/conf/domain_conf.h | 2 ++ src/qemu/qemu_cgroup.c | 12 +++++++++--- src/qemu/qemu_domain.c | 9 +++++---- src/qemu/qemu_validate.c | 12 ++++++++++++ src/security/security_dac.c | 14 ++++++++++++++ src/security/security_selinux.c | 11 +++++++++++ 8 files changed, 74 insertions(+), 7 deletions(-) diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c index 1b0abb21a0..4575f66e45 100644 --- a/src/conf/domain_audit.c +++ b/src/conf/domain_audit.c @@ -824,6 +824,9 @@ virDomainAuditStart(virDomainObjPtr vm, const char *rea= son, bool success) if (vm->def->tpm) virDomainAuditTPM(vm, vm->def->tpm, "start", true); =20 + if (vm->def->tpmproxy) + virDomainAuditTPM(vm, vm->def->tpmproxy, "start", true); + for (i =3D 0; i < vm->def->nshmems; i++) virDomainAuditShmem(vm, vm->def->shmems[i], "start", true); =20 diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index c201fc901d..01a32f62d1 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -1165,6 +1165,7 @@ VIR_ENUM_IMPL(virDomainTPMModel, "tpm-tis", "tpm-crb", "tpm-spapr", + "spapr-tpm-proxy", ); =20 VIR_ENUM_IMPL(virDomainTPMBackend, @@ -3480,6 +3481,7 @@ void virDomainDefFree(virDomainDefPtr def) VIR_FREE(def->mems); =20 virDomainTPMDefFree(def->tpm); + virDomainTPMDefFree(def->tpmproxy); =20 for (i =3D 0; i < def->npanics; i++) virDomainPanicDefFree(def->panics[i]); @@ -4318,6 +4320,12 @@ virDomainDeviceInfoIterateInternal(virDomainDefPtr d= ef, if ((rc =3D cb(def, &device, &def->tpm->info, opaque)) !=3D 0) return rc; } + if (def->tpmproxy) { + device.type =3D VIR_DOMAIN_DEVICE_TPM; + device.data.tpm =3D def->tpmproxy; + if ((rc =3D cb(def, &device, &def->tpmproxy->info, opaque)) !=3D 0) + return rc; + } device.type =3D VIR_DOMAIN_DEVICE_PANIC; for (i =3D 0; i < def->npanics; i++) { device.data.panic =3D def->panics[i]; 
@@ -24344,6 +24352,16 @@ virDomainDefCheckABIStabilityFlags(virDomainDefPtr= src, goto error; } =20 + if (src->tpmproxy && dst->tpmproxy) { + if (!virDomainTPMDefCheckABIStability(src->tpmproxy, dst->tpmproxy= )) + goto error; + } else if (src->tpmproxy || dst->tpmproxy) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("Either both target and source domains or none of= " + "them must have TPM Proxy device present")); + goto error; + } + if (src->nmems !=3D dst->nmems) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("Target domain memory device count %zu " diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index ddc75d8de2..8f178ade34 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -1293,6 +1293,7 @@ typedef enum { VIR_DOMAIN_TPM_MODEL_TIS, VIR_DOMAIN_TPM_MODEL_CRB, VIR_DOMAIN_TPM_MODEL_SPAPR, + VIR_DOMAIN_TPM_MODEL_SPAPR_PROXY, =20 VIR_DOMAIN_TPM_MODEL_LAST } virDomainTPMModel; @@ -2628,6 +2629,7 @@ struct _virDomainDef { virDomainMemballoonDefPtr memballoon; virDomainNVRAMDefPtr nvram; virDomainTPMDefPtr tpm; + virDomainTPMDefPtr tpmproxy; virCPUDefPtr cpu; virSysinfoDefPtr sysinfo; virDomainRedirFilterDefPtr redirfilter; diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c index 2e019b64af..2ed4341655 100644 --- a/src/qemu/qemu_cgroup.c +++ b/src/qemu/qemu_cgroup.c @@ -333,10 +333,13 @@ qemuSetupChardevCgroupCB(virDomainDefPtr def G_GNUC_U= NUSED, =20 =20 static int -qemuSetupTPMCgroup(virDomainObjPtr vm) +qemuSetupTPMCgroup(virDomainObjPtr vm, + virDomainTPMDefPtr dev) { int ret =3D 0; - virDomainTPMDefPtr dev =3D vm->def->tpm; + + if (!dev) + return 0; =20 switch (dev->type) { case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: 
@@ -806,7 +809,10 @@ qemuSetupDevicesCgroup(virDomainObjPtr vm) vm) < 0) return -1; =20 - if (vm->def->tpm && qemuSetupTPMCgroup(vm) < 0) + if (qemuSetupTPMCgroup(vm, vm->def->tpm) < 0) + return -1; + + if (qemuSetupTPMCgroup(vm, vm->def->tpmproxy) < 0) return -1; =20 for (i =3D 0; i < vm->def->nhostdevs; i++) { diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index a1b250fd0b..a344f8a0e6 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -11574,11 +11574,9 @@ qemuDomainSetupAllChardevs(virQEMUDriverConfigPtr = cfg G_GNUC_UNUSED, =20 static int qemuDomainSetupTPM(virQEMUDriverConfigPtr cfg G_GNUC_UNUSED, - virDomainObjPtr vm, + virDomainTPMDefPtr dev, const struct qemuDomainCreateDeviceData *data) { - virDomainTPMDefPtr dev =3D vm->def->tpm; - if (!dev) return 0; =20 @@ -11823,7 +11821,10 @@ qemuDomainBuildNamespace(virQEMUDriverConfigPtr cf= g, if (qemuDomainSetupAllChardevs(cfg, vm, &data) < 0) goto cleanup; =20 - if (qemuDomainSetupTPM(cfg, vm, &data) < 0) + if (qemuDomainSetupTPM(cfg, vm->def->tpm, &data) < 0) + goto cleanup; + + if (qemuDomainSetupTPM(cfg, vm->def->tpmproxy, &data) < 0) goto cleanup; =20 if (qemuDomainSetupAllGraphics(cfg, vm, &data) < 0) diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c index 584d1375b8..7210be3532 100644 --- a/src/qemu/qemu_validate.c +++ b/src/qemu/qemu_validate.c @@ -3602,6 +3602,7 @@ qemuValidateDomainDeviceDefTPM(virDomainTPMDef *tpm, case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_TPM_PASSTHROUGH)) goto no_support; + break; =20 case VIR_DOMAIN_TPM_TYPE_EMULATOR: 
@@ -3623,6 +3624,17 @@ qemuValidateDomainDeviceDefTPM(virDomainTPMDef *tpm, case VIR_DOMAIN_TPM_MODEL_SPAPR: flag =3D QEMU_CAPS_DEVICE_TPM_SPAPR; break; + case VIR_DOMAIN_TPM_MODEL_SPAPR_PROXY: + if (!ARCH_IS_PPC64(def->os.arch)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("TPM Proxy model %s is only available for " + "PPC64 guests"), + virDomainTPMModelTypeToString(tpm->model)); + return -1; + } + + flag =3D QEMU_CAPS_DEVICE_SPAPR_TPM_PROXY; + break; case VIR_DOMAIN_TPM_MODEL_LAST: default: virReportEnumRangeError(virDomainTPMModel, tpm->model); diff --git a/src/security/security_dac.c b/src/security/security_dac.c index bdc2d7edf3..e0542d2839 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -1980,6 +1980,13 @@ virSecurityDACRestoreAllLabel(virSecurityManagerPtr = mgr, rc =3D -1; } =20 + if (def->tpmproxy) { + if (virSecurityDACRestoreTPMFileLabel(mgr, + def, + def->tpmproxy) < 0) + rc =3D -1; + } + if (def->sev) { if (virSecurityDACRestoreSEVLabel(mgr, def) < 0) rc =3D -1; @@ -2159,6 +2166,13 @@ virSecurityDACSetAllLabel(virSecurityManagerPtr mgr, return -1; } =20 + if (def->tpmproxy) { + if (virSecurityDACSetTPMFileLabel(mgr, + def, + def->tpmproxy) < 0) + return -1; + } + if (def->sev) { if (virSecurityDACSetSEVLabel(mgr, def) < 0) return -1; diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 9a929debe1..e80d43c0a7 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -2763,6 +2763,12 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManager= Ptr mgr, rc =3D -1; } =20 + if (def->tpmproxy) { + if (virSecuritySELinuxRestoreTPMFileLabelInt(mgr, def, + def->tpmproxy) < 0) + rc =3D -1; + } + struct _virSecuritySELinuxChardevCallbackData chardevData =3D { .mgr =3D mgr, .chardevStdioLogd =3D chardevStdioLogd 
@@ -3171,6 +3177,11 @@ virSecuritySELinuxSetAllLabel(virSecurityManagerPtr = mgr, return -1; } =20 + if (def->tpmproxy) { + if (virSecuritySELinuxSetTPMFileLabel(mgr, def, def->tpmproxy) < 0) + return -1; + } + struct _virSecuritySELinuxChardevCallbackData chardevData =3D { .mgr =3D mgr, .chardevStdioLogd =3D chardevStdioLogd --=20 2.26.2
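Review bot: in qemuSetupDevicesCgroup the 'vm->def->tpm &&' guard is dropped and qemuSetupTPMCgroup is now called unconditionally, once with vm->def->tpm and once with vm->def->tpmproxy, so the callee has to return 0 on a NULL device the way qemuDomainSetupTPM does with 'if (!dev) return 0;' in the qemu_domain.c hunk. Please confirm the same early return is present in qemuSetupTPMCgroup, since a domain with no TPM at all now reaches it twice on every start.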
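Review bot: the 'break;' added after the QEMU_CAPS_DEVICE_TPM_PASSTHROUGH check in qemuValidateDomainDeviceDefTPM changes behaviour for existing passthrough domains and is not part of the TPM Proxy wiring: without it, VIR_DOMAIN_TPM_TYPE_PASSTHROUGH fell through into the VIR_DOMAIN_TPM_TYPE_EMULATOR case. Please move it to its own commit, or at least call it out in the commit message, so it can be bisected and backported on its own.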
From: Daniel Henrique Barboza
To: libvir-list@redhat.com
Cc: Daniel Henrique Barboza, stefanb@linux.ibm.com, david@gibson.dropbear.id.au
Subject: [PATCH v2 4/8] domain_conf.c: XML parsing for VIR_DOMAIN_TPM_MODEL_SPAPR_PROXY
Date: Wed, 13 May 2020 11:10:35 -0300
Message-Id: <20200513141040.2580726-5-danielhb413@gmail.com>
In-Reply-To: <20200513141040.2580726-1-danielhb413@gmail.com>

Aside from trivial XML parsing/format changes, this patch adds additional rules for TPM device support to better accommodate all the available scenarios with the new TPM Proxy.

The changes make no impact to existing domains. This means that the scenario of a domain with a single TPM device is still supported in the same way. The restriction of multiple TPM devices got alleviated to allow a TPM Proxy device to be added together with a TPM device in the same domain. All other combinations are still forbidden.

To summarize, after this patch, the following combinations in the same domain are valid:

- a single TPM device
- a single TPM Proxy device
- a single TPM + single TPM Proxy devices

These combinations in the same domain are NOT allowed:

- 2 or more TPM devices
- 2 or more TPM Proxy devices
Signed-off-by: Daniel Henrique Barboza --- src/conf/domain_conf.c | 47 ++++++++++++++++++++++++++++++++++++++---- 1 file changed, 43 insertions(+), 4 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 01a32f62d1..33b7d69318 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -13730,6 +13730,14 @@ virDomainTPMDefParseXML(virDomainXMLOptionPtr xmlo= pt, goto error; } =20 + /* TPM Proxy devices have 'passthrough' backend */ + if (def->model =3D=3D VIR_DOMAIN_TPM_MODEL_SPAPR_PROXY && + def->type !=3D VIR_DOMAIN_TPM_TYPE_PASSTHROUGH) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("'Passthrough' backend is required for TPM Proxy = devices")); + goto error; + } + if (virDomainDeviceInfoParseXML(xmlopt, node, &def->info, flags) < 0) goto error; =20 
@@ -21972,15 +21980,41 @@ virDomainDefParseXML(xmlDocPtr xml, if ((n =3D virXPathNodeSet("./devices/tpm", ctxt, &nodes)) < 0) goto error; =20 - if (n > 1) { + if (n > 2) { virReportError(VIR_ERR_XML_ERROR, "%s", - _("only a single TPM device is supported")); + _("a maximum of two TPM devices is supported, one o= f " + "them being a TPM Proxy device")); goto error; } =20 if (n > 0) { - if (!(def->tpm =3D virDomainTPMDefParseXML(xmlopt, nodes[0], ctxt,= flags))) - goto error; + for (i =3D 0; i < n; i++) { + virDomainTPMDefPtr dev =3D virDomainTPMDefParseXML(xmlopt, nod= es[i], ctxt, flags); + + if (!dev) + goto error; + + /* TPM Proxy devices must be held in def->tpmproxy. Error + * out if there's a TPM Proxy declared already */ + if (dev->model =3D=3D VIR_DOMAIN_TPM_MODEL_SPAPR_PROXY) { + if (def->tpmproxy) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("only a single TPM Proxy device is su= pported")); + VIR_FREE(dev); + goto error; + } + def->tpmproxy =3D g_steal_pointer(&dev); + } else { + /* all other TPM devices goes to def->tpm */ + if (def->tpm) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("only a single TPM non-proxy device i= s supported")); + VIR_FREE(dev); + goto error; + } + def->tpm =3D g_steal_pointer(&dev); + } + } } VIR_FREE(nodes); =20 
@@ -29807,6 +29841,11 @@ virDomainDefFormatInternalSetRootName(virDomainDef= Ptr def, goto error; } =20 + if (def->tpmproxy) { + if (virDomainTPMDefFormat(buf, def->tpmproxy, flags) < 0) + goto error; + } + for (n =3D 0; n < def->ngraphics; n++) { if (virDomainGraphicsDefFormat(buf, def->graphics[n], flags) < 0) goto error; --=20 2.26.2
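Review bot: in the new loop in virDomainDefParseXML, both duplicate-device error paths release the freshly parsed device with 'VIR_FREE(dev);', which frees only the virDomainTPMDef struct and leaks whatever virDomainTPMDefParseXML allocated inside it; use virDomainTPMDefFree(dev) on those paths. The outer 'if (n > 0)' is also redundant now that the body is a 'for (i = 0; i < n; i++)' loop. Separately, none of the checks shown here stops a passthrough def->tpm and def->tpmproxy from naming the same host device; if that combination is not meant to work, it should be rejected next to these checks.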
From: Daniel Henrique Barboza
To: libvir-list@redhat.com
Cc: Daniel Henrique Barboza, stefanb@linux.ibm.com, david@gibson.dropbear.id.au
Subject: [PATCH v2 5/8] tests: add XML schema tests for the TPM Proxy device
Date: Wed, 13 May 2020 11:10:36 -0300
Message-Id: <20200513141040.2580726-6-danielhb413@gmail.com>
In-Reply-To: <20200513141040.2580726-1-danielhb413@gmail.com>

This test aims to exercise how a TPM Proxy device can be added in the domain, either alone or with a regular TPM device. It also ensures that we do not allow bogus scenarios to slip by.
Signed-off-by: Daniel Henrique Barboza Reviewed-by: Stefan Berger --- tests/qemuxml2argvdata/ppc64-tpm-double.xml | 34 ++++++++++++++ .../ppc64-tpmproxy-double.xml | 38 +++++++++++++++ .../ppc64-tpmproxy-single.xml | 33 +++++++++++++ .../ppc64-tpmproxy-with-tpm.xml | 36 +++++++++++++++ tests/qemuxml2argvtest.c | 12 +++++ .../ppc64-tpmproxy-single.ppc64-latest.xml | 42 +++++++++++++++++ .../ppc64-tpmproxy-with-tpm.ppc64-latest.xml | 46 +++++++++++++++++++ tests/qemuxml2xmltest.c | 2 + 8 files changed, 243 insertions(+) create mode 100644 tests/qemuxml2argvdata/ppc64-tpm-double.xml create mode 100644 tests/qemuxml2argvdata/ppc64-tpmproxy-double.xml create mode 100644 tests/qemuxml2argvdata/ppc64-tpmproxy-single.xml create mode 100644 tests/qemuxml2argvdata/ppc64-tpmproxy-with-tpm.xml create mode 100644 tests/qemuxml2xmloutdata/ppc64-tpmproxy-single.ppc64-la= test.xml create mode 100644 tests/qemuxml2xmloutdata/ppc64-tpmproxy-with-tpm.ppc64-= latest.xml diff --git a/tests/qemuxml2argvdata/ppc64-tpm-double.xml b/tests/qemuxml2ar= gvdata/ppc64-tpm-double.xml new file mode 100644 index 0000000000..5e077659f3 --- /dev/null +++ b/tests/qemuxml2argvdata/ppc64-tpm-double.xml @@ -0,0 +1,34 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219100 + 219100 + 1 + + hvm + + + + + + + + destroy + restart + restart + + /usr/bin/qemu-system-ppc64 + +
+ + + + + + + + +
+ + + diff --git a/tests/qemuxml2argvdata/ppc64-tpmproxy-double.xml b/tests/qemux= ml2argvdata/ppc64-tpmproxy-double.xml new file mode 100644 index 0000000000..12abda509e --- /dev/null +++ b/tests/qemuxml2argvdata/ppc64-tpmproxy-double.xml @@ -0,0 +1,38 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219100 + 219100 + 1 + + hvm + + + + + + + + destroy + restart + restart + + /usr/bin/qemu-system-ppc64 + +
+ + + + + + + + + + + + +
+ + + diff --git a/tests/qemuxml2argvdata/ppc64-tpmproxy-single.xml b/tests/qemux= ml2argvdata/ppc64-tpmproxy-single.xml new file mode 100644 index 0000000000..729a2cdf28 --- /dev/null +++ b/tests/qemuxml2argvdata/ppc64-tpmproxy-single.xml @@ -0,0 +1,33 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219100 + 219100 + 1 + + hvm + + + + + + + + destroy + restart + restart + + /usr/bin/qemu-system-ppc64 + +
+ + + + + + + +
+ + + diff --git a/tests/qemuxml2argvdata/ppc64-tpmproxy-with-tpm.xml b/tests/qem= uxml2argvdata/ppc64-tpmproxy-with-tpm.xml new file mode 100644 index 0000000000..a61ec9845c --- /dev/null +++ b/tests/qemuxml2argvdata/ppc64-tpmproxy-with-tpm.xml @@ -0,0 +1,36 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219100 + 219100 + 1 + + hvm + + + + + + + + destroy + restart + restart + + /usr/bin/qemu-system-ppc64 + +
+ + + + + + + + + + +
+ + + diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 43e76956cc..ba82da5f4b 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -2966,6 +2966,18 @@ mymain(void) QEMU_CAPS_NEC_USB_XHCI, QEMU_CAPS_DEVICE_QEMU_XHCI); =20 + DO_TEST_PARSE_ERROR("ppc64-tpmproxy-double", + QEMU_CAPS_DEVICE_SPAPR_PCI_HOST_BRIDGE, + QEMU_CAPS_PCI_OHCI, + QEMU_CAPS_DEVICE_TPM_PASSTHROUGH, + QEMU_CAPS_DEVICE_SPAPR_TPM_PROXY); + + DO_TEST_PARSE_ERROR("ppc64-tpm-double", + QEMU_CAPS_DEVICE_SPAPR_PCI_HOST_BRIDGE, + QEMU_CAPS_PCI_OHCI, + QEMU_CAPS_DEVICE_TPM_PASSTHROUGH, + QEMU_CAPS_DEVICE_SPAPR_TPM_PROXY); + DO_TEST("aarch64-usb-controller-qemu-xhci", QEMU_CAPS_OBJECT_GPEX, QEMU_CAPS_NEC_USB_XHCI, diff --git a/tests/qemuxml2xmloutdata/ppc64-tpmproxy-single.ppc64-latest.xm= l b/tests/qemuxml2xmloutdata/ppc64-tpmproxy-single.ppc64-latest.xml new file mode 100644 index 0000000000..4e0e5f24b8 --- /dev/null +++ b/tests/qemuxml2xmloutdata/ppc64-tpmproxy-single.ppc64-latest.xml @@ -0,0 +1,42 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219100 + 219100 + 1 + + hvm + + + + + + + + + POWER9 + + + destroy + restart + restart + + /usr/bin/qemu-system-ppc64 + +
+ + + + + + + + + + + +
+ + + + diff --git a/tests/qemuxml2xmloutdata/ppc64-tpmproxy-with-tpm.ppc64-latest.= xml b/tests/qemuxml2xmloutdata/ppc64-tpmproxy-with-tpm.ppc64-latest.xml new file mode 100644 index 0000000000..2e0dab4b33 --- /dev/null +++ b/tests/qemuxml2xmloutdata/ppc64-tpmproxy-with-tpm.ppc64-latest.xml @@ -0,0 +1,46 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219100 + 219100 + 1 + + hvm + + + + + + + + + POWER9 + + + destroy + restart + restart + + /usr/bin/qemu-system-ppc64 + +
+ + + + + + + +
+ + + + + + + +
+ + + + diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c index 033f81013e..8360d5eeca 100644 --- a/tests/qemuxml2xmltest.c +++ b/tests/qemuxml2xmltest.c 
@@ -609,6 +609,8 @@ mymain(void) DO_TEST("controller-usb-order", QEMU_CAPS_PIIX_DISABLE_S3, QEMU_CAPS_PIIX_DISABLE_S4); + DO_TEST_CAPS_ARCH_LATEST("ppc64-tpmproxy-single", "ppc64"); + DO_TEST_CAPS_ARCH_LATEST("ppc64-tpmproxy-with-tpm", "ppc64"); =20 DO_TEST_FULL("seclabel-dynamic-baselabel", WHEN_INACTIVE, ARG_QEMU_CAPS, NONE); --=20 2.26.2
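Review bot: the two DO_TEST_PARSE_ERROR cases added to qemuxml2argvtest.c cover only the duplicate-device rejections (ppc64-tpmproxy-double, ppc64-tpm-double); there is no negative case for a TPM Proxy model with a non-passthrough backend, which is the check 4/8 adds to virDomainTPMDefParseXML, and none for the PPC64-only restriction in qemuValidateDomainDeviceDefTPM. Please add one input file for each. Also, ppc64-tpmproxy-single.xml and ppc64-tpmproxy-with-tpm.xml are created under qemuxml2argvdata but in this patch are referenced only from qemuxml2xmltest.c, so nothing here checks the command line generated for them.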
From: Daniel Henrique Barboza
To: libvir-list@redhat.com
Cc: Daniel Henrique Barboza, stefanb@linux.ibm.com, david@gibson.dropbear.id.au
Subject: [PATCH v2 6/8] qemu: build command line for the TPM Proxy device
Date: Wed, 13 May 2020 11:10:37 -0300
Message-Id: <20200513141040.2580726-7-danielhb413@gmail.com>
In-Reply-To: <20200513141040.2580726-1-danielhb413@gmail.com>

This patch wraps up all the wiring done in previous patches, enabling a PPC64 guest to launch a guest using a TPM Proxy device.

Note that device validation is already being done in qemu_validate.c, qemuValidateDomainDeviceDefTPM(), on domain define time. We don't need to verify QEMU capabilities for this device again inside qemu_command.c.

Signed-off-by: Daniel Henrique Barboza Reviewed-by: Stefan Berger --- src/qemu/qemu_alias.c | 16 ++++++++++++++++ src/qemu/qemu_command.c | 21 +++++++++++++++++++++ 2 files changed, 37 insertions(+) diff --git a/src/qemu/qemu_alias.c b/src/qemu/qemu_alias.c index b0ea62af39..08fe5aa501 100644 --- a/src/qemu/qemu_alias.c +++ b/src/qemu/qemu_alias.c
@@ -413,6 +413,18 @@ qemuAssignDeviceTPMAlias(virDomainTPMDefPtr tpm, } =20 =20 +static int +qemuAssignDeviceTPMProxyAlias(virDomainTPMDefPtr tpmproxy, + int idx) +{ + if (tpmproxy->info.alias) + return 0; + + tpmproxy->info.alias =3D g_strdup_printf("tpmproxy%d", idx); + return 0; +} + + int qemuAssignDeviceRedirdevAlias(virDomainDefPtr def, virDomainRedirdevDefPtr redirdev, @@ -673,6 +685,10 @@ qemuAssignDeviceAliases(virDomainDefPtr def, virQEMUCa= psPtr qemuCaps) if (qemuAssignDeviceTPMAlias(def->tpm, 0) < 0) return -1; } + if (def->tpmproxy) { + if (qemuAssignDeviceTPMProxyAlias(def->tpmproxy, 0) < 0) + return -1; + } for (i =3D 0; i < def->nmems; i++) { if (qemuAssignDeviceMemoryAlias(NULL, def->mems[i], false) < 0) return -1; diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index bfe70ed228..0b97db7388 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -8981,6 +8981,24 @@ qemuBuildTPMCommandLine(virCommandPtr cmd, return 0; } =20 +static int +qemuBuildTPMProxyCommandLine(virCommandPtr cmd, + const virDomainDef *def) +{ + const virDomainTPMDef *tpmproxy =3D def->tpmproxy; + + if (!tpmproxy) + return 0; + + virCommandAddArg(cmd, "-device"); + virCommandAddArgFormat(cmd, "%s,id=3D%s,host-path=3D%s", + virDomainTPMModelTypeToString(tpmproxy->model), + tpmproxy->info.alias, + tpmproxy->data.passthrough.source.data.file.pat= h); + + return 0; +} + static int qemuBuildSEVCommandLine(virDomainObjPtr vm, virCommandPtr cmd, virDomainSEVDefPtr sev) 
@@ -9662,6 +9680,9 @@ qemuBuildCommandLine(virQEMUDriverPtr driver, if (qemuBuildTPMCommandLine(cmd, def, qemuCaps) < 0) return NULL; =20 + if (qemuBuildTPMProxyCommandLine(cmd, def) < 0) + return NULL; + if (qemuBuildInputCommandLine(cmd, def, qemuCaps) < 0) return NULL; =20 --=20 2.26.2
From nobody Mon Nov 25 22:53:44 2024
From: Daniel Henrique Barboza To: libvir-list@redhat.com Subject: [PATCH v2 7/8] tests/qemuxml2argvtest.c: add TPM Proxy command line tests Date: Wed, 13 May 2020 11:10:38 -0300 Message-Id: <20200513141040.2580726-8-danielhb413@gmail.com> In-Reply-To: <20200513141040.2580726-1-danielhb413@gmail.com> References: <20200513141040.2580726-1-danielhb413@gmail.com> Cc: Daniel Henrique Barboza , stefanb@linux.ibm.com, david@gibson.dropbear.id.au List-Id: Development discussions about the libvirt library & tools Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8"
Add tests for both supported scenarios: a single TPM Proxy and a TPM Proxy with a regular TPM device in the same domain. Signed-off-by: Daniel Henrique Barboza Reviewed-by: Stefan Berger --- .../ppc64-tpmproxy-single.ppc64-latest.args | 34 +++++++++++++++++ .../ppc64-tpmproxy-with-tpm.ppc64-latest.args | 37 +++++++++++++++++++ tests/qemuxml2argvtest.c | 3 ++ 3 files changed, 74 insertions(+) create mode 100644 tests/qemuxml2argvdata/ppc64-tpmproxy-single.ppc64-late= st.args create mode 100644 tests/qemuxml2argvdata/ppc64-tpmproxy-with-tpm.ppc64-la= test.args diff --git a/tests/qemuxml2argvdata/ppc64-tpmproxy-single.ppc64-latest.args= b/tests/qemuxml2argvdata/ppc64-tpmproxy-single.ppc64-latest.args new file mode 100644 index 0000000000..f606cee16b --- /dev/null +++ b/tests/qemuxml2argvdata/ppc64-tpmproxy-single.ppc64-latest.args
@@ -0,0 +1,34 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/tmp/lib/domain--1-QEMUGuest1 \ +USER=3Dtest \ +LOGNAME=3Dtest \ +XDG_DATA_HOME=3D/tmp/lib/domain--1-QEMUGuest1/.local/share \ +XDG_CACHE_HOME=3D/tmp/lib/domain--1-QEMUGuest1/.cache \ +XDG_CONFIG_HOME=3D/tmp/lib/domain--1-QEMUGuest1/.config \ +QEMU_AUDIO_DRV=3Dnone \ +/usr/bin/qemu-system-ppc64 \ +-name guest=3DQEMUGuest1,debug-threads=3Don \ +-S \ +-object secret,id=3DmasterKey0,format=3Draw,\ +file=3D/tmp/lib/domain--1-QEMUGuest1/master-key.aes \ +-machine pseries,accel=3Dtcg,usb=3Doff,dump-guest-core=3Doff \ +-cpu POWER9 \ +-m 256 \ +-overcommit mem-lock=3Doff \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +-display none \ +-no-user-config \ +-nodefaults \ +-chardev socket,id=3Dcharmonitor,fd=3D1729,server,nowait \ +-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \ +-rtc base=3Dutc \ +-no-shutdown \ +-boot strict=3Don \ +-device pci-ohci,id=3Dusb,bus=3Dpci.0,addr=3D0x1 \ +-device spapr-tpm-proxy,id=3Dtpmproxy0,host-path=3D/dev/tpmrm0 \ +-device virtio-balloon-pci,id=3Dballoon0,bus=3Dpci.0,addr=3D0x6 \ +-sandbox on,obsolete=3Ddeny,elevateprivileges=3Ddeny,spawn=3Ddeny,\ +resourcecontrol=3Ddeny \ +-msg timestamp=3Don diff --git a/tests/qemuxml2argvdata/ppc64-tpmproxy-with-tpm.ppc64-latest.ar= gs b/tests/qemuxml2argvdata/ppc64-tpmproxy-with-tpm.ppc64-latest.args new file mode 100644 index 0000000000..9908cd78e0 --- /dev/null +++ b/tests/qemuxml2argvdata/ppc64-tpmproxy-with-tpm.ppc64-latest.args 
@@ -0,0 +1,37 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/tmp/lib/domain--1-QEMUGuest1 \ +USER=3Dtest \ +LOGNAME=3Dtest \ +XDG_DATA_HOME=3D/tmp/lib/domain--1-QEMUGuest1/.local/share \ +XDG_CACHE_HOME=3D/tmp/lib/domain--1-QEMUGuest1/.cache \ +XDG_CONFIG_HOME=3D/tmp/lib/domain--1-QEMUGuest1/.config \ +QEMU_AUDIO_DRV=3Dnone \ +/usr/bin/qemu-system-ppc64 \ +-name guest=3DQEMUGuest1,debug-threads=3Don \ +-S \ +-object secret,id=3DmasterKey0,format=3Draw,\ +file=3D/tmp/lib/domain--1-QEMUGuest1/master-key.aes \ +-machine pseries,accel=3Dtcg,usb=3Doff,dump-guest-core=3Doff \ +-cpu POWER9 \ +-m 256 \ +-overcommit mem-lock=3Doff \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +-display none \ +-no-user-config \ +-nodefaults \ +-chardev socket,id=3Dcharmonitor,fd=3D1729,server,nowait \ +-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \ +-rtc base=3Dutc \ +-no-shutdown \ +-boot strict=3Don \ +-device pci-ohci,id=3Dusb,bus=3Dpci.0,addr=3D0x1 \ +-tpmdev emulator,id=3Dtpm-tpm0,chardev=3Dchrtpm \ +-chardev socket,id=3Dchrtpm,path=3D/dev/test \ +-device tpm-spapr,tpmdev=3Dtpm-tpm0,id=3Dtpm0,reg=3D0x00004000 \ +-device spapr-tpm-proxy,id=3Dtpmproxy0,host-path=3D/dev/tpmrm0 \ +-device virtio-balloon-pci,id=3Dballoon0,bus=3Dpci.0,addr=3D0x6 \ +-sandbox on,obsolete=3Ddeny,elevateprivileges=3Ddeny,spawn=3Ddeny,\ +resourcecontrol=3Ddeny \ +-msg timestamp=3Don diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index ba82da5f4b..6a57a4910d 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c 
@@ -2978,6 +2978,9 @@ mymain(void) QEMU_CAPS_DEVICE_TPM_PASSTHROUGH, QEMU_CAPS_DEVICE_SPAPR_TPM_PROXY); =20 + DO_TEST_CAPS_LATEST_PPC64("ppc64-tpmproxy-single"); + DO_TEST_CAPS_LATEST_PPC64("ppc64-tpmproxy-with-tpm"); + DO_TEST("aarch64-usb-controller-qemu-xhci", QEMU_CAPS_OBJECT_GPEX, QEMU_CAPS_NEC_USB_XHCI, --=20 2.26.2
From nobody Mon Nov 25 22:53:44 2024
From: Daniel Henrique Barboza To: libvir-list@redhat.com Subject: [PATCH v2 8/8] docs/news.xml: update for the new TPM Proxy device Date: Wed, 13 May 2020 11:10:39 -0300 Message-Id: <20200513141040.2580726-9-danielhb413@gmail.com> In-Reply-To: <20200513141040.2580726-1-danielhb413@gmail.com> References: <20200513141040.2580726-1-danielhb413@gmail.com> Cc: Daniel Henrique Barboza , stefanb@linux.ibm.com, david@gibson.dropbear.id.au List-Id: Development discussions about the libvirt library & tools Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8"
Signed-off-by: Daniel Henrique Barboza --- docs/news.xml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/docs/news.xml b/docs/news.xml index 4cef804aac..452f73479e 100644 --- a/docs/news.xml +++ b/docs/news.xml @@ -44,6 +44,21 @@
+ + + qemu: add TPM Proxy device support + + + libvirt can now create guests using a new device type called + "TPM Proxy". This new device type connects with a TPM Resource + Manager in the host, which allows multiple processes to access + TPM features concurrently. Only one TPM Proxy is allowed per + guest. A guest using a TPM Proxy device can instantiate another + TPM device at the same time. This device is supported only for + pSeries guests via the new 'spapr-tpm-proxy' model of the TPM + 'passthrough' backend. + +
--=20 2.26.2
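Review bot: in the src/qemu/qemu_alias.c hunks of 6/8, qemuAssignDeviceTPMProxyAlias() returns 0 on every path, so the `< 0` check added around its call in qemuAssignDeviceAliases() can never fire, and `idx` is only ever passed as 0. If the int return and the index are kept for symmetry with qemuAssignDeviceTPMAlias(), a one-line comment saying so would help; otherwise the helper could return void and the caller could drop the error branch.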
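Review bot: in qemuBuildTPMProxyCommandLine() (src/qemu/qemu_command.c, 6/8) the host path is written into the -device string through a plain "%s" in virCommandAddArgFormat(), so a path that contains a comma would be read by QEMU as the start of another device property. Build the argument in a virBuffer and pass the path through virQEMUBuildBufferEscapeComma() before adding it to the command. The function also reads data.passthrough.source.data.file.path without checking the backend type or QEMU_CAPS_DEVICE_SPAPR_TPM_PROXY; if both are validated earlier in the series, a comment pointing there would make that reviewable from this hunk.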
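Review bot: the two DO_TEST_CAPS_LATEST_PPC64() entries added to mymain() in tests/qemuxml2argvtest.c (7/8) cover only accepted configurations, and both new .args files use the same host-path=/dev/tpmrm0. If it is not already covered elsewhere in the series, add a failure case for a configuration that must be rejected, for example a second TPM Proxy, which the news entry in 8/8 says is not allowed, so that the restriction is pinned by the test suite.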
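Review bot: the docs/news.xml entry in 8/8 states the one-proxy-per-guest limit and the pSeries restriction but does not say what the guest is being given; per the test data in 7/8, host-path points at the host's /dev/tpmrm0. Naming the host device in the description, and stating that the guest reaches the host TPM through the resource manager, would let administrators judge the exposure before enabling it. The commit message is also empty apart from the Signed-off-by line; a sentence describing the entry would match the other patches in the series.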